Data controllers cannot sub-contract their obligations under data legislation
Following the ICO’s first fine under the GDPR in December since it came into effect, we revisit how the decision confirmed that the presence of a sub-contractor does not absolve a data controller of its responsibilities and obligations under the GDPR to ensure the security of any processing undertaken by it or on its behalf.